LinuxQuestions.org

rs15 08-18-2007 07:05 AM

convert LAN IP address to Host Name when I give cmd tail -f /var/log/squid/access.log
 
I am using Fedora 4. I have configured Squid as a proxy server for my office LAN. When I monitor the log, I want the local IP's hostname when it sends an HTTP request to the proxy server. How can I convert the LAN IP address to a host name when I give the command
tail -f /var/log/squid/access.log?

rtg 08-19-2007 02:40 AM

Code:

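#!/usr/bin/perl

use strict;
use IO::File;
use Fcntl qw(:seek);
use Socket;

# Open the Squid access log for reading
my $fh = IO::File->new('/var/log/squid/access.log')
    or die "Cannot open access.log: $!";

my $line;
while(1) {
    # Seek to the current position to clear the EOF flag, so that
    # lines appended later are picked up (the "tail -f" part)
    $fh->seek(0, SEEK_CUR);
    $line = $fh->getline();
    if ($line) {
        chomp $line;
        my (@fields) = split(' ', $line);
        # The third field is taken as the client address
        my $addr = $fields[2];
        # Reverse lookup; the address is kept if no name is found
        my $name = gethostbyaddr(inet_aton($addr), AF_INET);
        if ($name) {
            $fields[2] = $name;
        }
        print join(' ', @fields), "\n";
    }
}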

Simple tail -f in Perl with resolver requests :)

Have fun :)

rtg 08-19-2007 02:46 AM

Code:

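use strict;
use IO::File;
use Fcntl qw(:seek);
use Socket;

# Open the Squid access log for reading
my $fh = IO::File->new('/var/log/squid/access.log')
    or die "Cannot open access.log: $!";

my $line;
while(1) {
    # Seek to the current position to clear the EOF flag, so that
    # lines appended later are picked up (the "tail -f" part)
    $fh->seek(0, SEEK_CUR);
    $line = $fh->getline();
    if ($line) {
        chomp $line;
        my (@fields) = split(' ', $line);
        # The third field is taken as the client address
        my $addr = $fields[2];
        # Reverse lookup; the address is kept if no name is found
        my $name = gethostbyaddr(inet_aton($addr), AF_INET);
        if ($name) {
            $fields[2] = $name;
        }
        print join(' ', @fields), "\n";
    }
    else {
        # Nothing new in the log yet: wait instead of spinning
        sleep 1;
    }
}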

I've added a sleep call because the previous version eats 100% CPU :(

rs15 08-19-2007 05:41 AM

Thank you very much for your quick reply. But there are too many things in /usr/lib/perl. How and where should I insert this code? For your kind information, I am very new to the Linux environment.

Regards
rs15

rtg 08-19-2007 09:20 AM

Ah, no, you should not put the script in the Perl lib path.

Just save it as a file in your home directory (say squid-tail.pl), then add
Code:

#!/usr/bin/perl
to the beginning of the script.

Change the rights to be 0755:
Code:

chmod 0755 squid-tail.pl
and just run it under the user that has access to /var/log/squid:

./squid-tail.pl

or

perl squid-tail.pl

The script will start printing out all the lines from the log, trying to resolve the IP addresses.

Feel free to ask if something is not quite clear.

rs15 08-20-2007 02:46 AM

Yeah, I have done the job, at last. Thanks a lot. It shows the hostname instead of the IP. But when I run the command perl squid-tail.pl, it goes through the whole access.log file. Is it possible to show only the desired part or the latest part of access.log?

Regards
RS15

aq_mishu 01-22-2012 01:45 AM

Now a little help please
 
Guys,
Thanks for the code. That is fantastic. But here are the two things...

How much resource will it actually take? I have a local DNS and resolving is damn fast, in fact. Using this, using Vyatta Squid and SARG, I can track my hosts (300 of them) easily. But again, as it is a continuously running script with a forever while loop, how can I integrate it so that it does the lookup in a controlled manner, like a cron job, where first it is executed and then "sarg-reports daily", on an hourly basis? This way, I don't want to keep it running forever, but to run it just when I'm making the log analysis.

I call this another way to save resources.

I'm running CentOS 5.7 on ESXi 4.1.

Mishu~
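
A one-pass variant of rtg's script, given here as an added example that is not part of the original thread: it reads the log once and exits, so it can run from cron before a report job, and -n limits it to the newest lines. The file name squid-resolve.pl, the -n option and the name(address) output form are assumptions made for this example; like rtg's script, it assumes the client address is the third field.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Usage (hypothetical file name):
#   perl squid-resolve.pl [-n COUNT] [logfile ...]
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

my %cache;    # address => hostname, '' when nothing usable came back

# Reverse-resolve one IPv4 address, asking DNS at most once per address.
sub resolve {
    my ($addr) = @_;
    return $cache{$addr} if exists $cache{$addr};
    my $name = '';
    # Only dotted quads go to the resolver: inet_aton() would otherwise
    # do a forward lookup on whatever text is in the field.
    if ($addr =~ /^(?:\d{1,3}\.){3}\d{1,3}$/) {
        my $packed = inet_aton($addr);
        $name = gethostbyaddr($packed, AF_INET) if defined $packed;
        # A PTR answer is outside data: accept hostname characters only.
        $name = '' unless defined $name && $name =~ /^[A-Za-z0-9._-]+$/;
    }
    return $cache{$addr} = $name;
}

# Rewrite one log line; the third field is assumed to be the client.
sub rewrite {
    my ($line) = @_;
    chomp $line;
    my @fields = split ' ', $line;
    if (@fields > 2) {
        my $name = resolve($fields[2]);
        # Keep the address beside the name: the mapping can change later.
        $fields[2] = "$name($fields[2])" if $name ne '';
    }
    return join(' ', @fields) . "\n";
}

my $last = 0;    # 0 = whole log, otherwise only the newest $last lines
if (@ARGV >= 2 && $ARGV[0] eq '-n') {
    (undef, $last) = splice(@ARGV, 0, 2);
    die "COUNT must be a positive integer\n" unless $last =~ /^[1-9]\d*$/;
}
my @tail;
while (my $line = <>) {    # files named on the command line, or STDIN
    if ($last) { push @tail, $line; shift @tail if @tail > $last; }
    else       { print STDOUT rewrite($line); }
}
print STDOUT rewrite($_) for @tail;    # end of input reached, then exit
```

Redirect the output to a separate file so that the original access.log stays unmodified.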

